cleantalk
Vulnerabilities and Security Researches

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue), CVE-2021-24923

CVE, Research URL

CVE-2021-24923

Home page URL

Security reports for Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Application

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Published on
Jan 24, 2022
Research Description
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 3.1.61.
Status
vulnerable
Previous vulnerability researches
Mailing Group Listserv (CVE-2025-46463) , May 05, 2025
Mailing Group Listserv (CVE-2025-22595) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-22527) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
SMTP Mailing Queue (CVE-2023-1090) , Jun 07, 2024
New vulnerability
SiteGuard WP Plugin (CVE-2026-27411) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2025-13048) , Mar 29, 2026
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds (CVE-2026-32398) , Mar 29, 2026
Activity Log WinterLock (CVE-2026-24987) , Mar 29, 2026